Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2017-8099

    There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request.... Read more

    Affected Products : whizz whizz
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8077

    On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.... Read more

    Affected Products : tl-sg108e_firmware tl-sg108e
    • Published: Apr. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-8121

    The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.... Read more

    Affected Products : uma
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-8159

    Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is differen... Read more

    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8075

    On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.... Read more

    Affected Products : tl-sg108e_firmware tl-sg108e
    • Published: Apr. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8126

    The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.... Read more

    Affected Products : uma
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-8078

    On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.... Read more

    Affected Products : tl-sg108e_firmware tl-sg108e
    • Published: Apr. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8074

    On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.... Read more

    Affected Products : tl-sg108e_firmware tl-sg108e
    • Published: Apr. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8127

    The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks.... Read more

    Affected Products : uma
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-8102

    Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.... Read more

    Affected Products : serendipity
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-8133

    Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a command injection vulnerability. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to a target device. Successful exploit could enable a low ... Read more

    Affected Products : neteco
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8085

    In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.... Read more

    Affected Products : exponent_cms
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8125

    The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks.... Read more

    Affected Products : uma
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2017-8110

    www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php.... Read more

    Affected Products : modified_ecommerce_shopsoftware
    • Published: Apr. 25, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-8130

    The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.... Read more

    Affected Products : uma
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8117

    The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated pri... Read more

    Affected Products : uma
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-8116

    The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.... Read more

    • Published: Jul. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-8145

    The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a DoS vulnerability. An attacker may trick a user into ins... Read more

    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-8194

    The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest m... Read more

    Affected Products : fusionsphere_openstack
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8128

    The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated pri... Read more

    Affected Products : uma
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293577 Results